Apache HTTP Server mod_proxy Denial Of Service Vulnerability

July 18th, 2014

Vulnerability Details


This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of Apache HTTP Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the mod_proxy module. The issue lies in the processing of HTTP headers when an invalid request is made. An attacker can leverage this flaw to crash a remote instance of Apache HTTP server.

Additional Details

Apache has issued an update to correct this vulnerability. More details can be found at:
http://httpd.apache.org/security/vulnerabilities_24.html

Disclosure Timeline

  • 2014-04-07 - Vulnerability reported to vendor
  • 2014-07-18 - Coordinated public release of advisory

Credit

AKAT-1
22733db72ab3ed94b5f8a1ffcde850251fe6f466
Marek Kroemeke

Back to Advisories